I have an MQTT Mosquitto server running on a Raspberry Pi, and it receives local energy data every 5 seconds, along with other MQTT data - switches, environmental data etc.
Currently, the same Pi processes the data in node-RED, and publishes it in a NR dashboard & Grafana.
However, I've also set up node-RED in an Oracle VM, and am considering processing/displaying the data in the VM instance instead of my local Pi.
What would be the best way to securely/efficiently get the data to the VM from my local Pi, and get data back from the VM to my local Pi?
MQTT using SSL/TLS
MQTT over websockets
Websockets
Something else
I've no experience of doing any of the above, and I've a feeling that this is going to be a learning curve!!
"Easiest" way likely to be using Node-RED to replicate messages to the remote broker. You would also want TLS for that too though unless you are using a secure connection to the VPS (an SSH tunnel for example).
Best security is to ensure that you are only ever pushing data to the VPS & that the VPS has no way to send data back the other way.
That leaves me with a bit of a problem because both sites are proxied by Cloudflare, and port 1883 is permanently closed.
I've read a number of previous posts about this, but not really seen a viable solution.
One suggestion made was to use MQTT over websockets, but I've found little information about this, let alone a NR example flow to work from. Also is this a resource hungry approach?
Another mentioned creating a sub-domain, and 'greying out' (removing) the Cloudflare proxy from the sub-domain, so port 1883 would then be open for the sub-domain url.
However, just tried that, and Cloudflare reported that I was exposing my main domain, as proxied & non-proxied traffic was being directed to the same server IP.
I believe that the "proper" way Cloudflare want you to use is their Spectrum tool which is part of their Enterprise plan so out of reach for most of us.
I think that you have to do one of the things you've mentioned. I'm not aware of any issues regarding performance of MQTT over websockets, though it is true that it does add an additional wrapper so the packets must be a little larger.
Not sure about the warning - that approach is recommended by Cloudflare themselves for allowing traffic to SSH for example.
Either way, make sure that you are only using TLS encrypted connections of course.
Anyone got an example flow, or any pointers for setting up MQTT over Websockets?
I don't think it's covered in the node-RED guides or forum.
Is it achieved by feeding the output from a MQTT 'in' node into a Websocket 'out' node, and vice-versa?
No laughing now
I'm still failing miserably trying to get MQTT over websockets to work!
I have 2 servers; https://mysite.co.uk & https://nodered.mysite.co.uk, one is on a local RP & the other an Oracle VM. Both have very simple flows;
I have not set up TLS security for the websocket connection yet, and therefore have set up the MQTT node server details like this;
I have set up the topic, no Retain, 0 QoS, and have used ws://nodered.mysite.co.uk in the mysite.co.uk site, and vice versa in the nodered.mysite.co.uk site, but they never connect, and the NR log shows 3 Nov 20:00:36 - [info] [mqtt-broker:bea3f71.9ee2608] Connection failed to broker: ws://nodered.mysite.co.uk
I have searched here & google, but can't find a similar example to follow. Any advice please?
Websockets is an option for how the mqtt nodes connect to the broker, at least that is how I understood it. The mqtt nodes don't talk directly to each other, each one talks to the broker.
IIRC - you have to stick the port number in the server name for some reason
try using ws://nodered.mysite.co.uk:9001 (or whatever port your broker is using for websockets)
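
Added example, not part of the thread: a Mosquitto configuration for the broker side of the `ws://nodered.mysite.co.uk:9001` connection suggested above, showing an unencrypted websockets listener beside a TLS-protected one. The port number, certificate paths and password file location are assumptions, and the `wss://` URL in the comments is the TLS form of the URL quoted in the thread.

```conf
# mosquitto.conf fragment (constructed example; port and paths are assumptions)

# --- Weak: plain websockets, no encryption, no authentication -------------
# Matches a Node-RED broker URL of ws://nodered.mysite.co.uk:9001
# Topics, payloads and any credentials cross the internet in clear text.
#
# listener 9001
# protocol websockets
# allow_anonymous true

# --- Hardened: websockets over TLS with password authentication -----------
# Matches a Node-RED broker URL of wss://nodered.mysite.co.uk:9001
listener 9001
protocol websockets

# Server certificate, private key and CA chain for the broker's hostname.
certfile /etc/mosquitto/certs/fullchain.pem
keyfile  /etc/mosquitto/certs/privkey.pem
cafile   /etc/mosquitto/certs/chain.pem

# Refuse clients that do not present a username and password.
allow_anonymous false
password_file /etc/mosquitto/passwd

# Keep the standard MQTT port bound to loopback only, so local clients on
# the broker host still work but 1883 is never reachable from outside.
listener 1883 127.0.0.1
```

Entries in the password file are created with `mosquitto_passwd`, and the same username and password go into the Security tab of the Node-RED MQTT broker config node on each side.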